Is it possible to cause a process to transition to a new domain but only if it reads a file with a certain label? I am interested in imposing this by modifying the SELinux policy only, that is, not requiring any action on the part of the process itself. You could think of this as a rough analog to HiStar and others' "tainting". -- Mike :wq